Implement 'Not secure' warning for non-secure pages in Incognito mode

components/security_state/core/security_state.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/security_state/core/security_state.h"
 
 #include <stdint.h>
+#include <string>
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "components/security_state/core/switches.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 
 namespace security_state {
 
 namespace {
 
 // These values are written to logs. New enum values can be added, but existing
 // enums must never be renumbered or deleted and reused.
 enum MarkHttpStatus {
   NEUTRAL = 0,  // Deprecated
   NON_SECURE = 1,
   HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS = 2,
   NON_SECURE_AFTER_EDITING = 3,
   NON_SECURE_WHILE_INCOGNITO = 4,
   NON_SECURE_WHILE_INCOGNITO_OR_EDITING = 5,
   LAST_STATUS
 };
 
 // If |switch_or_field_trial_group| corresponds to a valid
-// MarkHttpAs group, sets |*level| and |*histogram_status| to the
+// MarkHttpAs setting, sets |*level| and |*histogram_status| to the
 // appropriate values and returns true. Otherwise, returns false.
 bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
     std::string switch_or_field_trial_group,
     bool displayed_sensitive_input_on_http,
+    bool is_incognito,
     SecurityLevel* level,
     MarkHttpStatus* histogram_status) {
-  if (switch_or_field_trial_group != switches::kMarkHttpAsDangerous)
-    return false;
-  *level = DANGEROUS;
-  *histogram_status = NON_SECURE;
-  return true;
+  if (switch_or_field_trial_group ==
+      switches::kMarkHttpAsNonSecureWhileIncognito) {
+    *histogram_status = NON_SECURE_WHILE_INCOGNITO;
+    *level = (is_incognito || displayed_sensitive_input_on_http)
+                 ? security_state::HTTP_SHOW_WARNING
+                 : NONE;
+    return true;
+  }
+  if (switch_or_field_trial_group ==
+      switches::kMarkHttpAsNonSecureWhileIncognitoOrEditing) {
+    *histogram_status = NON_SECURE_WHILE_INCOGNITO_OR_EDITING;
+    *level = (is_incognito || displayed_sensitive_input_on_http)
+                 ? security_state::HTTP_SHOW_WARNING
+                 : NONE;
+    return true;
+  }
+  if (switch_or_field_trial_group == switches::kMarkHttpAsDangerous) {
+    *histogram_status = NON_SECURE;
+    *level = DANGEROUS;
+    return true;
+  }
+
+  return false;
 }
 
 SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
-    bool displayed_sensitive_input_on_http) {
+    bool displayed_sensitive_input_on_http,
+    bool is_incognito) {
   std::string choice =
       base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
           switches::kMarkHttpAs);
   std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
 
   const char kEnumeration[] = "SSL.MarkHttpAsStatus";
 
   SecurityLevel level = NONE;
   MarkHttpStatus status;
 
   // If the command-line switch is set, then it takes precedence over
   // the field trial group.
   if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
-          choice, displayed_sensitive_input_on_http, &level, &status)) {
+          choice, displayed_sensitive_input_on_http, is_incognito, &level,
+          &status)) {
     if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
-            group, displayed_sensitive_input_on_http, &level, &status)) {
+            group, displayed_sensitive_input_on_http, is_incognito, &level,
+            &status)) {
       status = HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS;
       level = displayed_sensitive_input_on_http
                   ? security_state::HTTP_SHOW_WARNING
                   : NONE;
     }
   }
 
   UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS);
   return level;
 }
@@ skipping 46 matching lines @@
 
   // Choose the appropriate security level for requests to HTTP and remaining
   // pseudo URLs (blob:, filesystem:). filesystem: is a standard scheme so does
   // not need to be explicitly listed here.
   // TODO(meacer): Remove special case for blob (crbug.com/684751).
   if (!is_cryptographic_with_certificate) {
     if (!is_origin_secure_callback.Run(url) &&
         (url.IsStandard() || url.SchemeIs(url::kBlobScheme))) {
       return GetSecurityLevelForNonSecureFieldTrial(
           visible_security_state.displayed_password_field_on_http ||
-          visible_security_state.displayed_credit_card_field_on_http);
+              visible_security_state.displayed_credit_card_field_on_http,
+          visible_security_state.is_incognito);
     }
     return NONE;
   }
 
   // Downgrade the security level for active insecure subresources.
   if (mixed_content_status == CONTENT_STATUS_RAN ||
       mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN ||
       content_with_cert_errors_status == CONTENT_STATUS_RAN ||
       content_with_cert_errors_status == CONTENT_STATUS_DISPLAYED_AND_RAN) {
     return kRanInsecureContentLevel;
@@ skipping 89 matching lines @@
   }
 
   security_info->contained_mixed_form =
       visible_security_state.contained_mixed_form;
 
   security_info->security_level = GetSecurityLevelForRequest(
       visible_security_state, used_policy_installed_certificate,
       is_origin_secure_callback, security_info->sha1_in_chain,
       security_info->mixed_content_status,
       security_info->content_with_cert_errors_status);
+
+  security_info->incognito_downgraded_security_level =
+      (visible_security_state.is_incognito &&
+       security_info->security_level == HTTP_SHOW_WARNING &&
+       security_state::IsHttpWarningForIncognitoEnabled());
 }
 
 }  // namespace
 
+bool IsHttpWarningForIncognitoEnabled() {
+  std::string choice =
+      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+          switches::kMarkHttpAs);
+  std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
+  SecurityLevel level = NONE;
+  MarkHttpStatus status;
+
+  // If the command-line switch is set, then it takes precedence over
+  // the field trial group.
+  if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+          choice, false, true, &level, &status)) {
+    if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+            group, false, true, &level, &status)) {
+      return false;
+    }
+  }
+
+  return (status == NON_SECURE_WHILE_INCOGNITO ||
+          status == NON_SECURE_WHILE_INCOGNITO_OR_EDITING);
+}
+
 const base::Feature kHttpFormWarningFeature{"HttpFormWarning",
                                             base::FEATURE_DISABLED_BY_DEFAULT};
 
 SecurityInfo::SecurityInfo()
     : security_level(NONE),
       malicious_content_status(MALICIOUS_CONTENT_STATUS_NONE),
       sha1_in_chain(false),
       mixed_content_status(CONTENT_STATUS_NONE),
       content_with_cert_errors_status(CONTENT_STATUS_NONE),
       scheme_is_cryptographic(false),
       cert_status(0),
       security_bits(-1),
       connection_status(0),
       key_exchange_group(0),
       obsolete_ssl_status(net::OBSOLETE_SSL_NONE),
       pkp_bypassed(false),
       displayed_password_field_on_http(false),
       displayed_credit_card_field_on_http(false),
       contained_mixed_form(false),
-      cert_missing_subject_alt_name(false) {}
+      cert_missing_subject_alt_name(false),
+      incognito_downgraded_security_level(false) {}
 
 SecurityInfo::~SecurityInfo() {}
 
 void GetSecurityInfo(
     std::unique_ptr<VisibleSecurityState> visible_security_state,
     bool used_policy_installed_certificate,
     IsOriginSecureCallback is_origin_secure_callback,
     SecurityInfo* result) {
   SecurityInfoForRequest(*visible_security_state,
                          used_policy_installed_certificate,
@@ skipping 11 matching lines @@
       connection_status(0),
       key_exchange_group(0),
       security_bits(-1),
       displayed_mixed_content(false),
       contained_mixed_form(false),
       ran_mixed_content(false),
       displayed_content_with_cert_errors(false),
       ran_content_with_cert_errors(false),
       pkp_bypassed(false),
       displayed_password_field_on_http(false),
-      displayed_credit_card_field_on_http(false) {}
+      displayed_credit_card_field_on_http(false),
+      is_incognito(false) {}
 
 VisibleSecurityState::~VisibleSecurityState() {}
 
 bool VisibleSecurityState::operator==(const VisibleSecurityState& other) const {
   return (url == other.url &&
           malicious_content_status == other.malicious_content_status &&
           !!certificate == !!other.certificate &&
           (certificate ? certificate->Equals(other.certificate.get()) : true) &&
           connection_status == other.connection_status &&
           key_exchange_group == other.key_exchange_group &&
           security_bits == other.security_bits &&
           displayed_mixed_content == other.displayed_mixed_content &&
           ran_mixed_content == other.ran_mixed_content &&
           displayed_content_with_cert_errors ==
               other.displayed_content_with_cert_errors &&
           ran_content_with_cert_errors == other.ran_content_with_cert_errors &&
           pkp_bypassed == other.pkp_bypassed &&
           displayed_password_field_on_http ==
               other.displayed_password_field_on_http &&
           displayed_credit_card_field_on_http ==
               other.displayed_credit_card_field_on_http &&
-          contained_mixed_form == other.contained_mixed_form);
+          contained_mixed_form == other.contained_mixed_form &&
+          is_incognito == other.is_incognito);
 }
 
 }  // namespace security_state